<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
    ">

    <http>
        <form-login login-page="/signin"
                    default-target-url="/dashboard"
                    authentication-success-handler-ref="authenticationSuccessHandler"
                    authentication-failure-handler-ref="authenticationFailureHandler" />
        <logout logout-success-url="/" invalidate-session="true" delete-cookies="JSESSIONID" />

        <headers>
            <frame-options disabled="true" />
        </headers>

        <csrf disabled="true" />

        <!-- comment this out if you don't want to use Spring's remember me functionality -->
        <!-- (you can also change the key if you like; it's used to hash information in the resulting client-side cookie) -->
        <remember-me key="BnWANqCT5mdgbkqHmz2UfrWXhwiPlm"/>
    </http>

    <!--
        This is an in-memory (i.e. hard-coded) set of usernames and passwords. This isn't recommended for production usage,
        but it can be helpful when diagnosing security problems or for testing.
    -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="structurizr" password="password" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>